Reducing cost and increasing efficiency are primary motivations for utilizing a public cloud for data storage and processing. However, data stored in the cloud may be vulnerable to other clients of the cloud as well as to the cloud provider themselves. In particular, data security, unauthorized data disclosure due to insider access to the infrastructure and a shared multi-tenant environment all contribute to such vulnerability. Rather than a physical separation of resources, there is a greater dependence on logical separation for providing security.
Encryption is one technique for achieving logical separation of client data from other clients. However, key management can be difficult to achieve due to a need to protect a master (root) key as well as backup, disaster and recovery. Further, for many systems and, e.g., regulatory compliance, mechanisms for achieving dependable auditing may be required. Loss of control of data may complicate achieving such compliance.
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art.